Sessions: Only show part of the session ID

This commit is contained in:
Igor Scheller 2023-09-18 18:18:33 +02:00
parent c06cb767da
commit 40b93e3d8b
4 changed files with 12 additions and 8 deletions

View File

@ -16,7 +16,7 @@ class SessionFactory extends Factory
public function definition(): array
{
return [
'id' => $this->faker->lexify('??????????'),
'id' => $this->faker->lexify('????????????????????????????????'),
'payload' => $this->faker->text(100),
'user_id' => $this->faker->optional()->passthrough(User::factory()),
];

View File

@ -34,14 +34,14 @@
{% for session in sessions %}
<tr>
<td>
<pre>{{ session['id'] }}</pre>
<pre>{{ session.id[:15] }}&hellip;</pre>
</td>
<td>{{ session.last_activity.format(__('Y-m-d H:i:s')) }}</td>
<td>
{% if session.id != current_session %}
<form action="" enctype="multipart/form-data" method="post">
{{ csrf() }}
{{ f.hidden('id', session.id) }}
{{ f.hidden('id', session.id[:15]) }}
{{ f.submit(
__('form.delete'),
{'name': 'delete', 'btn_type': 'danger', 'size': 'sm', 'icon_left': 'trash'}

View File

@ -307,7 +307,10 @@ class SettingsController extends BaseController
->where('id', '!=', session()->getId());
if ($id != 'all') {
$query = $query->where('id', $id);
$this->validate($request, [
'id' => 'required|alnum|length:15:15',
]);
$query = $query->where('id', 'LIKE', $id . '%');
}
$query->delete();

View File

@ -14,6 +14,7 @@ use Engelsystem\Http\Response;
use Engelsystem\Models\Session as SessionModel;
use Engelsystem\Models\User\License;
use Engelsystem\Models\User\Settings;
use Illuminate\Support\Str;
use PHPUnit\Framework\MockObject\MockObject;
use Symfony\Component\HttpFoundation\Session\Session;
use Engelsystem\Helpers\Authenticator;
@ -619,7 +620,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', ['http://localhost/settings/sessions'], $this->response);
// Delete old user session
$this->request = $this->request->withParsedBody(['id' => $this->secondSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->secondSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertHasNotification('settings.sessions.delete_success');
@ -636,7 +637,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete active user session
$this->request = $this->request->withParsedBody(['id' => $this->currentSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->currentSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted
@ -652,7 +653,7 @@ class SettingsControllerTest extends ControllerTest
$this->setExpects($this->response, 'redirectTo', null, $this->response);
// Delete another users session
$this->request = $this->request->withParsedBody(['id' => $this->otherSession->id]);
$this->request = $this->request->withParsedBody(['id' => Str::substr($this->otherSession->id, 0, 15)]);
$this->controller->sessionsDelete($this->request);
$this->assertCount(4, SessionModel::all()); // None got deleted